On Tue 18-04-06 13:13:03, Crispin Cowan wrote:
> Valdis.Kletnieks@vt.edu wrote:
> > If we heave the LSM stuff overboard, there's one thing that *will* need
> > addressing - what to do with kernel support of Posix-y capabilities. Currently
> > some of the heavy lifting is done by security/commoncap.c.
> >
> > Frankly, that's *another* thing that we need to either *fix* so it works right,
> > or rip out of the kernel entirely. As far as I know, there's no in-tree way
> > to make /usr/bin/ping be set-CAP_NET_RAW and have it DTRT.
> >
> This has actually been one of the interesting developments in AppArmor.
> I also had no use for POSIX.1e capabilities; I thought they were so
> awkward as to be useless. That is, until we integrated capabilities into
> AppArmor profiles.
>
> Consider this profile for /bin/stty
> /bin/stty {
>   #include <abstractions/base>
>
>   capability sys_tty_config,
>
>   /bin/stty r,
> }
>
> This policy basically allows stty to run, read its own text file, and
> use the capability sys_tty_config. Even though it may run as root, this
> profile confines it to *only* have sys_tty_config.

What happens if I ln /bin/stty /tmp/evilstty, then exploit
vulnerability in stty?

Pavel
-- 
Thanks, Sharp!